Compliance on a Budget: Can it be Done? What are the Risks?

Jack Garvey |

Like a lot of people, when I was a younger, I always wanted the newest toy or the shiniest item in the store.    An unfortunate reality of growing up is that as we become adults, we come to the realization that things cost money and that there are limits to what we can spend.    We find out that everyone has a budget — whether we like it or not.   (Let’s not get into the Government budget process!)

Similarly, as quality and compliance professionals we are often challenged by the realization that what we would like to accomplish with our operations costs a lot of money.   People cost money;   instruments cost money;   computers cost money;    excellence costs money.     We are given budget targets (often reduced year over year) to hit, and increasing expectations regarding inspection performance and enforcement actions.  Particularly in the current business climate, executive management is scrutinizing all expenditures for value and return on investment, and adding fixed costs (translated:  people) is simply not being considered.     Given that the departments central to carrying out the activities that support FDA quality and compliance are resource-intensive functions, and that even with the best computerized systems, there is simply a great deal of work that people (yes, living-breathing people) have to do, how can we do this on a budget?     Is it possible to be successful in this environment?     In other words, what can we not afford to do and what risks do we incur by not spending as much as we would like?

Like the adult that has come to the realization that we can’t afford everything, we need to accept that modern companies, particularly the FDA-regulated companies we work for, will never stop their quest for continual cost-reduction.   This is especially true now that revenue streams from blockbuster products are in jeopardy, and companies are scrambling to maintain profitability against the specter of government-influenced pricing.  Unfortunately, many companies simply reduce heads without an in-depth understanding of what parts of their operations will be compromised, and call that effective fixed-cost management.    The problem with this approach is that most people in today’s corporations are not sitting around reading The Wall Street Journal – many people are already working 10-12 hours per day, efficiently, and are already using technology.      So, simply cutting people that may already be working hard, without much consideration about what work is now not going to be done, can actually impede your business revenue and profitability objectives, and worse, can place your company at significant legal or regulatory risk.

The secret of how to accomplish these difficult, conflicting goals is really not so secret.  It does, however, require companies to do a little planning, a little analysis, and embrace a little change.    Let’s explore two basic principles that I would submit are fundamental to successful headcount reduction, or, maintenance of existing staffing while still improving outcomes:

It Starts With Risk…

It seems like everyone is talking about risk management these days.    Risk management has been formally embraced by the FDA, risk MAPs are required for new pharmaceutical product introductions, risk concepts have been formally integrated into ICH Q10, and there is a growing cottage industry related to risk management and how to perform it.    While everyone is talking about risk management, most substantive information I review on risk management refers to risk management as the identification of all risk and the comprehensive set of activities that are intended to minimize or eliminate that risk.

However, true risk management starts with a very fundamental, and sometimes difficult principle for people to embrace – that is – that not all risk is equivalent, and that differentiation of risk is the most important factor in cost-effectively managing today’s quality and compliance operations.    The reason this is so difficult is that by differentiating risk, and focusing on only those risks that, well, present the most risk, you are implicitly acknowledging that you will take no action – purposefully – against some things that you know may go wrong.   This is a difficult concept to embrace in Corporate America today – executives have been less than enthusiastic about embracing mistakes – and, it is a difficult concept to present to the FDA when things go wrong.   However, it is imperative to understand that if you don’t differentiate risk, and address significant risks accordingly, you face the prospect of spreading your limited resources thin and ultimately, facing greater failure or more significant issues in areas that could create extraordinary problems for your company.   So, risk differentiation is an essential part of managing FDA-regulated operations today;   and fortunately, with the right assistance, there are methods and practices that can help you truly separate the proverbial wheat from the chaff with respect to your company’s quality and compliance risk.

… It Ends With Change

The other essential aspect to maintaining your functional operational outcomes while reducing or maintaining your fixed costs (headcount) is that you can’t expect other people to just “pick up” work that the targeted resources are performing, or, add additional  work to their already over-crowded plates.  There has to be a change in the way work is performed to make the work processes more efficient – in other words, so you can do more with less.     Without doing so, you simply are cutting possibly essential activities from occurring without understanding the impacts of the reduction.

The changes that could be considered to achieve efficiency improvements are extremely diverse.    You may need to make changes to process design;   you may need to implement new or improved computer systems;  you may need to change/upgrade your personnel capabilities;  you may need to add new equipment or automation;  you may need to make your documentation simpler.    The possibilities and the interrelated permutations are many and varied, but, it is essential that these possibilities be identified, and that maximum returns on investment be considered before changes are made.

On this topic, much has been made of what are called “lean” principles for process redesign and improvement.   The terms “Lean Quality” and/or “Lean Compliance” have become de rigueur in certain circles.    I guess because I hate buzzwords, I have refrained from embracing these terms – I look at the concept of Lean as basically a structured repackaging of pre-existing principles, and accordingly, not something that is really all that new (albeit, also not often well applied!).     Lean is, at its core, a very sound and effective approach to process redesign and organizational improvement.   In fact, Lean, like Six Sigma, and a host of other quality management and engineering tools, can provide significant value to the enterprise when applied and used properly as supportive of the changes that are necessary for the organization to make to ultimately, achieve more with less.

Managing FDA-regulated operations is not for the faint of heart.   Heavy science.   Strict regulation.   Overwhelming documentation.   Significant risk.   Extraordinary cost pressures.    However, by properly differentiating risk, and by engaging in well-substantiated operational change, you can improve your odds of success with all your stakeholders – executive management, the FDA, and your customers.

One thought on “Compliance on a Budget: Can it be Done? What are the Risks?

  1. An update to the article. In the 3/8/2010 Wall Street Journal, Medical Device CEOs Checking the Pulse on Expenses,, Dan Lemaitre, president and CEO of White Pine Medical Inc. and the former CEO of CoreValve Inc., which was sold last year to Medtronic Inc. for $700 million cash, says, “Does it really make sense having multiple HR departments, finance departments and other stuff that is not central to the company’s mission? You’ve got to consolidate some of those functions.”

    Good question Dan. Does it also make sense to have complex procedures and systems, poorly defined authority and decisionmaking, lack of integration between division and corporate, failure to leverage knowledge within the organization, etc. etc.??

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.